Individuals and organizations frequently seek to control how others access services under their control. For example, a parent may wish to enforce parental controls on televisions and smart phones in their household in order to control their child's access to various digital media. Similarly, an organization may wish to limit websites that its employees can access during work hours. In some cases, an individual or organization may use different access-control policies for certain people. For example, a parent can input a passcode to bypass parental controls so that they can watch movies that would otherwise be blocked. As an additional example, a project manager may have access to files and/or servers that other employees may be restricted from accessing.
Unfortunately, traditional access-control techniques suffer from a number of drawbacks. Some devices may be unable to execute access-control software. In other cases, an administrator may be unable or unwilling to install endpoint security software on certain devices. Even worse, clever users may be able to circumvent access-control software by uninstalling software, killing processes, spoofing their identity, or otherwise tampering with the access-control software. Furthermore, controls on shared machines may be unable to enforce proper policies if they are unable to properly identify the user that is accessing the content. Accordingly, the instant disclosure identifies and addresses a need for improved systems and methods for enforcing access-control policies.